Hello,
I ran a kprobe on AppArmor.
# kprobe command
perf probe common_lsm_audit
# perf command & tail syslog to watch for warning messages from aa_
perf record -e probe:common_lsm_audit -a -g sleep 400

amd64 115533 [002] 83559.450382: probe:common_lsm_audit: (ffffffffb467d2f0)
    ffffffffb467d2f1 common_lsm_audit+0x1 ([kernel.kallsyms])
    ffffffffb46a3fa7 aa_audit_file+0x127 ([kernel.kallsyms])
    ffffffffb46a46b1 __aa_path_perm+0xa1 ([kernel.kallsyms])
    ffffffffb46a47a9 profile_path_perm.part.0+0x79 ([kernel.kallsyms])
    ffffffffb46a48ad aa_path_perm+0xdd ([kernel.kallsyms])
    ffffffffb46a1470 apparmor_file_open+0x1e0 ([kernel.kallsyms])
    ffffffffb465012b security_file_open+0x2b ([kernel.kallsyms])
    ffffffffb44cf5ef do_dentry_open+0xdf ([kernel.kallsyms])
    ffffffffb44d0fdd vfs_open+0x2d ([kernel.kallsyms])
    ffffffffb44e5d64 do_last+0x194 ([kernel.kallsyms])
    ffffffffb44e655d path_openat+0x8d ([kernel.kallsyms])
    ffffffffb44e7bd1 do_filp_open+0x91 ([kernel.kallsyms])
    ffffffffb44d12fe do_sys_open+0x17e ([kernel.kallsyms])
    ffffffffb44d1490 __x64_sys_openat+0x20 ([kernel.kallsyms])
    ffffffffb4204fe7 do_syscall_64+0x57 ([kernel.kallsyms])
    ffffffffb4e000a4 entry_SYSCALL_64_after_hwframe+0x5c ([kernel.kallsyms])
    4abaea [unknown] (/snap/maas/33860/usr/share/maas/machine-resources/amd64)
    4d14bb [unknown] (/snap/maas/33860/usr/share/maas/machine-resources/amd64)
    4cffc5 [unknown] (/snap/maas/33860/usr/share/maas/machine-resources/amd64)
    6a479a [unknown] (/snap/maas/33860/usr/share/maas/machine-resources/amd64)

# binary
/snap/maas/33860/usr/share/maas/machine-resources/amd64

# MAAS code
https://git.launchpad.net/maas/tree/src/host-info/Makefile?h=3.5
https://git.launchpad.net/maas/tree/src/host-info/pkg/info/info.go?h=3.5

func getResources() (*lxdapi.Resources, error) {
	return resources.GetResources()
}

https://github.com/casual-lemon/maas/blob/master/src/host-info/pkg/info/info.go#L167
https://github.com/canonical/lxd/blob/aab7941c0270a21586ed1923adf6ec4f5a0b8cf3/lxd/resources/resources.go#L10
https://github.com/canonical/lxd/blob/aab7941c0270a21586ed1923adf6ec4f5a0b8cf3/lxd/resources/storage.go#L133

// Detect all block devices
if sysfsExists(sysClassBlock) {
	entries, err := os.ReadDir(sysClassBlock)

I followed the MAAS source code, and it uses the LXD API to make a call to storage.go which tries to access any block devices on the host.
Cheers, Heather Lemon
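One way to attribute each probe hit in `perf script` output to the calling binary, the AppArmor hook and the syscall, as an added example that is not part of the original comment. The sample input is constructed (shortened from the trace above, second timestamp made up), and the function names and the x86-64 `__x64_sys_` prefix match are assumptions of this example.

```python
import re
from collections import Counter

# Constructed input: two samples in `perf script` layout, shortened from the
# trace in the post (the second sample's timestamp is made up).
SAMPLE = """\
amd64 115533 [002] 83559.450382: probe:common_lsm_audit: (ffffffffb467d2f0)
    ffffffffb467d2f1 common_lsm_audit+0x1 ([kernel.kallsyms])
    ffffffffb46a1470 apparmor_file_open+0x1e0 ([kernel.kallsyms])
    ffffffffb465012b security_file_open+0x2b ([kernel.kallsyms])
    ffffffffb44d12fe do_sys_open+0x17e ([kernel.kallsyms])
    ffffffffb44d1490 __x64_sys_openat+0x20 ([kernel.kallsyms])
    4abaea [unknown] (/snap/maas/33860/usr/share/maas/machine-resources/amd64)

amd64 115533 [002] 83559.450500: probe:common_lsm_audit: (ffffffffb467d2f0)
    ffffffffb467d2f1 common_lsm_audit+0x1 ([kernel.kallsyms])
    ffffffffb46a1470 apparmor_file_open+0x1e0 ([kernel.kallsyms])
    ffffffffb44d1490 __x64_sys_openat+0x20 ([kernel.kallsyms])
    4d14bb [unknown] (/snap/maas/33860/usr/share/maas/machine-resources/amd64)
"""

HEADER = re.compile(r"^\s*(\S+)\s+(\d+)\s+\[\d+\]\s+[\d.]+:\s+(\S+):")
FRAME = re.compile(r"^\s+[0-9a-f]+\s+(\S+)\s+\((.+)\)\s*$")

def parse_samples(text):
    """Return one dict per sample: comm, pid, event, LSM hook, syscall, user DSO."""
    samples, cur = [], None
    for line in text.splitlines():
        if m := HEADER.match(line):
            cur = {"comm": m[1], "pid": int(m[2]), "event": m[3],
                   "hook": None, "syscall": None, "user_dso": None}
            samples.append(cur)
        elif cur and (m := FRAME.match(line)):
            sym, dso = m[1].split("+")[0], m[2]
            if dso != "[kernel.kallsyms]":
                cur["user_dso"] = cur["user_dso"] or dso   # innermost user frame
            elif sym.startswith("apparmor_"):
                cur["hook"] = cur["hook"] or sym           # AppArmor LSM hook
            elif sym.startswith("__x64_sys_"):
                cur["syscall"] = cur["syscall"] or sym     # x86-64 syscall entry
    return samples

def summarize(samples):
    """Count audit hits per (binary, AppArmor hook, syscall)."""
    return Counter((s["user_dso"], s["hook"], s["syscall"]) for s in samples)

if __name__ == "__main__":
    for (dso, hook, syscall), n in summarize(parse_samples(SAMPLE)).most_common():
        print(f"{n:4d}  {hook} via {syscall}  <-  {dso}")
```

Feeding it the text of `perf script` run against the recorded `perf.data` groups the audit events by the process that triggered them.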